Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microelectronics Supply Chain Illumination

Published byLorraine Sutton Modified over 7 years ago

Similar presentations

Presentation on theme: "Microelectronics Supply Chain Illumination"— Presentation transcript:

1 Microelectronics Supply Chain Illumination
Defense Security Service Microelectronics Supply Chain Illumination UNCLASSIFIED//FOUO

2 Standard Supply Chain Illumination Methods
Supply Chain illumination efforts are typically a top-down analysis. Analysis usually only goes 2-3 levels down, has low confidence levels, and provides vague information. From a Global Hawk Supply Chain illumination product 350+ companies identified Mostly 1st - 3rd tier suppliers Despite the volume of information, the data does not address our CI concerns Source: Summary of following slides Red: 2nd-3rd Tier suppliers, no information pertaining to subcomponents of these systems Green: Low confidence distributor of unspecified integrated circuits UNCLASSIFIED//FOUO

3 “Show us the Program’s supply chain” vs. “What are our CI concerns?”
Threats (Actors) Foreign Intelligence Entity (FIE) Organized Crime Insider Threat Threats (Vectors) Degraded Components Malicious Components IP Theft Vulnerabilities Counterfeits & Clones 3PIP PCB Assembly and a few other areas… Critical Assumptions All DoD ASICs Using Trusted Flows Trusted Flows Are Secure Targeting a Commercial Product During Fabrication is Unlikely More Appealing Vulnerabilities that offer the same end results with more plausible deniability Source: Summary of following slides UNCLASSIFIED//FOUO

4 Counterfeits Could the DoD be reliant on Chinese-origin gray market microelectronics? The gray market sells rare and obsolete parts no longer manufactured Majority of microelectronics in sustainment are obsolete Large percentage of parts in acquisition are obsolete or will be within a year We are highly confident the PRC knows this as it has been openly and repeatedly published The same companies that import counterfeits often violate export control laws Introduces supply reduction vulnerabilities Introduces supply reliability vulnerabilities Source: Various, DSS reporting, arrests/indictments, EETimes, etc. UNCLASSIFIED//FOUO

5 Counterfeits Heavy collaboration with AFOSI and IPRC ~2012 during Operation Chain Reaction 400+ entities that appear to knowingly import counterfeits 1,000+ known, or highly suspected counterfeiters Some third-party test houses appear complicit Noticeably Damaged Leads Pass w/ No Explanation Can’t Be Bothered to Zeroize?! Limited X-Rays Performed - Typically 1% of Reel - Not Compared to Anything UNCLASSIFIED//FOUO

6 Operation Chain Reaction
Jeffrey Krantz (Harry Krantz, LLC), waived his right to indictment and pleased guilty to selling remarked integrated circuits to the DoD QSLD qualified distributor Jeffrey Warga (Bay Components) waived his right to indictment and pleased guilty to conspiracy to commit wire fraud Engaged in a scheme to defraud businesses by falsely representing that electronic parts sold were not from Asia, when in they had purchased from companies located in Asia Warga and his con-conspirators knew the parts were counterfeit Peter Picone (Tytronix / Epic International) indictment Conspiracy, Trafficking in Counterfeit Goods, Wire Fraud, Money Laundering, Aiding and Abetting Sources of counterfeits: China and Hong Kong Arrest of three Chinese nationals (HK Potential) Illegally export controlled semiconductors Trafficking in counterfeit semiconductors Harry Krantz: Bay Components: Tytronix: United States v. Peter Picone, Filed 25 Jun 2013 HK Potential “THREE CHINESE NATIONALS ARRESTED FOR BRAZEN SCHEME TO STEAL AND ILLEGALLY EXPORT MILITARY-GRADE SEMICONDUCTORS “, December 10, 2015 UNCLASSIFIED//FOUO

7 Clones Node: 0.2µm 0.22µm Silicon substrate: FD SOI
Chinese VS12C Xilinx XQVR300* Node: 0.2µm 0.22µm Silicon substrate: FD SOI Bulk or Epitaxial silicon Block RAM: 64,000 65,636 IMUX Outputs: 30 26 Source: A Low Power and Radiation-Tolerant FPGA Implemented in FD SOI Process academic paper IMUX Inputs: 140 132 VCCO: 2.5v 3.3v SEU Threshold LET: 4 1.2 SEL LET: Immunity 125 MeV·cm²/mg * Ignore that this image is almost certainly a counterfeit UNCLASSIFIED//FOUO

8 Clones DoD reliance on gray market + Limited ability to track semiconductors in the supply chain + Foreign ability to reverse engineer obsolete components that the DoD purchases = Critical risk Collaborative work between IPRCC, Counterintelligence Elements, JFAC, Prime and Sub-contractors critical to addressing this issue UNCLASSIFIED//FOUO

9 3PIP Heavy foreign academic focus on insertion of hardware trojans via Third-Party IP and EDA tools Academic settings/cost likely explain this heavy slant Low cost, low difficulty, more targeted, potentially high consequences compared to FPGA-based hardware Trojans during fabrication or test/assembly Complete inability to find anyone, in any program, that can tell us what 3PIP is incorporated into their designs Categorized PIP providers and 15,000+ cores More than 60% reside outside of North America Majority of encryption, processor, and interface cores offer are sold by foreign vendors, often from Asia or Eastern Europe Main point: Most focus appears to be on FPGAs, CPLDs, MCUs, MPUs, etc. UNCLASSIFIED//FOUO

10 Summary Both approaches have shortfalls
Most companies and IC members work top-down Top-down approach rarely provides a complete look at the microelectronic components used in DoD systems Can’t lose sight of why we’re mapping out the supply chain Higher levels of abstraction should also consider shipment interdiction, storage security, and other methods of insider threat, but rarely do Desired effect/outcome vs. completing a survey/performing a task UNCLASSIFIED//FOUO

11 Questions? Defense Security Service Adam Hauch
UNCLASSIFIED//FOUO

Download ppt "Microelectronics Supply Chain Illumination"

Similar presentations

Copyright (C) The Open Group 2014 Securing Global IT Supply Chains and IT Products by Working with Open Trusted Technology Provider™ Accredited Companies.

Copyright (C) The Open Group 2014 Securing Global IT Supply Chains and IT Products by Working with Open Trusted Technology Provider™ Accredited Companies.
No U.S. Government export controlled content. No U.S.G. export restrictions apply 1 DoD Public Meeting: Detection and Avoidance of Counterfeit Electronic.

No U.S. Government export controlled content. No U.S.G. export restrictions apply 1 DoD Public Meeting: Detection and Avoidance of Counterfeit Electronic.
ARINC Overview Alliance Baltimore November 16, 2007.

ARINC Overview Alliance Baltimore November 16, 2007.
1 Vigilance–Enforcement–Abatement World Micro Training Program Diane Hummer, Mahendran Sanggaren 23 rd, July, 2012 Ministry of Domestic Trade Cooperatives.

1 Vigilance–Enforcement–Abatement World Micro Training Program Diane Hummer, Mahendran Sanggaren 23 rd, July, 2012 Ministry of Domestic Trade Cooperatives.
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Advanced Manufacturing Technologies for Extending Microprocessor Availability Proactive Solution to Military Microprocessor Availability and Affordability.

Advanced Manufacturing Technologies for Extending Microprocessor Availability Proactive Solution to Military Microprocessor Availability and Affordability.
Semiconductors Manufacturers Anti Counterfeiting Activities Peter Marston Business Development and Technical Consultant February 2015.

Semiconductors Manufacturers Anti Counterfeiting Activities Peter Marston Business Development and Technical Consultant February 2015.
Supply Chain Management

Supply Chain Management
1TBBY0711 Quality Engineering Michael Barkenhagen/Raymond Tadros (909) 273-4984/(909) 273-4209

1TBBY0711 Quality Engineering Michael Barkenhagen/Raymond Tadros (909) /(909)
Office of the Secretary of Defense Defense Microelectronics Activity (DMEA) Defense Microelectronics Activity (DMEA) Doug Casanova Defense Microelectronics.

Office of the Secretary of Defense Defense Microelectronics Activity (DMEA) Defense Microelectronics Activity (DMEA) Doug Casanova Defense Microelectronics.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Extensible Processors. 2 ASIP Gain performance by:  Specialized hardware for the whole application (ASIC). −  Almost no flexibility. −High cost.  Use.

Extensible Processors. 2 ASIP Gain performance by:  Specialized hardware for the whole application (ASIC). −  Almost no flexibility. −High cost.  Use.
Developing Products and Services

Developing Products and Services
General FPGA Architecture Field Programmable Gate Array.

General FPGA Architecture Field Programmable Gate Array.
 PROFILE  ABOUT US  COMPANY FORECAST  UNITEDMAX MISSION  UNITEDMAX CULTURES PRODUCTS  LINE CARD-main brand  1st RATED CUSTOMERS AT A GLANCE  VALUE.

 PROFILE  ABOUT US  COMPANY FORECAST  UNITEDMAX MISSION  UNITEDMAX CULTURES PRODUCTS  LINE CARD-main brand  1st RATED CUSTOMERS AT A GLANCE  VALUE.
Managing Procurement and Sourcing Getting What You Need.

Managing Procurement and Sourcing Getting What You Need.
© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.
Globalpress Electronics Summit

Globalpress Electronics Summit
Counterfeit and Gray Market Flow Chart

Counterfeit and Gray Market Flow Chart

Similar presentations

Ads by Google